browserclaw 0.3.4 → 0.3.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +10 -7
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +17 -6
  4. package/dist/index.d.ts +17 -6
  5. package/dist/index.js +10 -7
  6. package/dist/index.js.map +1 -1
  7. package/package.json +1 -1
package/dist/index.cjs CHANGED
@@ -355,7 +355,9 @@ async function isChromeReachable(cdpUrl, timeoutMs = 500, authToken) {
355
355
  const headers = {};
356
356
  if (authToken) headers["Authorization"] = `Bearer ${authToken}`;
357
357
  const res = await fetch(`${cdpUrl.replace(/\/+$/, "")}/json/version`, { signal: ctrl.signal, headers });
358
- return res.ok;
358
+ if (!res.ok) return false;
359
+ const data = await res.json();
360
+ return data != null && typeof data === "object";
359
361
  } catch {
360
362
  return false;
361
363
  } finally {
@@ -371,6 +373,7 @@ async function getChromeWebSocketUrl(cdpUrl, timeoutMs = 500, authToken) {
371
373
  const res = await fetch(`${cdpUrl.replace(/\/+$/, "")}/json/version`, { signal: ctrl.signal, headers });
372
374
  if (!res.ok) return null;
373
375
  const data = await res.json();
376
+ if (!data || typeof data !== "object") return null;
374
377
  return String(data?.webSocketDebuggerUrl ?? "").trim() || null;
375
378
  } catch {
376
379
  return null;
@@ -1412,7 +1415,7 @@ async function assertBrowserNavigationAllowed(opts) {
1412
1415
  throw new InvalidBrowserNavigationUrlError(`Navigation blocked: unsupported protocol "${parsed.protocol}"`);
1413
1416
  }
1414
1417
  const policy = opts.ssrfPolicy;
1415
- if (policy?.allowPrivateNetwork) return;
1418
+ if (policy?.dangerouslyAllowPrivateNetwork ?? policy?.allowPrivateNetwork ?? true) return;
1416
1419
  const allowedHostnames = [
1417
1420
  ...policy?.allowedHostnames ?? [],
1418
1421
  ...policy?.hostnameAllowlist ?? []
@@ -1423,7 +1426,7 @@ async function assertBrowserNavigationAllowed(opts) {
1423
1426
  }
1424
1427
  if (await isInternalUrlResolved(rawUrl, opts.lookupFn)) {
1425
1428
  throw new InvalidBrowserNavigationUrlError(
1426
- `Navigation to internal/loopback address blocked: "${rawUrl}". Use ssrfPolicy: { allowPrivateNetwork: true } if this is intentional.`
1429
+ `Navigation to internal/loopback address blocked: "${rawUrl}". ssrfPolicy.dangerouslyAllowPrivateNetwork is false (strict mode).`
1427
1430
  );
1428
1431
  }
1429
1432
  }
@@ -1570,7 +1573,7 @@ async function isInternalUrlResolved(url, lookupFn = promises.lookup) {
1570
1573
  async function navigateViaPlaywright(opts) {
1571
1574
  const url = String(opts.url ?? "").trim();
1572
1575
  if (!url) throw new Error("url is required");
1573
- const policy = opts.allowInternal ? { ...opts.ssrfPolicy, allowPrivateNetwork: true } : opts.ssrfPolicy;
1576
+ const policy = opts.allowInternal ? { ...opts.ssrfPolicy, dangerouslyAllowPrivateNetwork: true } : opts.ssrfPolicy;
1574
1577
  await assertBrowserNavigationAllowed({ url, ssrfPolicy: policy });
1575
1578
  const page = await getPageForTargetId({ cdpUrl: opts.cdpUrl, targetId: opts.targetId });
1576
1579
  ensurePageState(page);
@@ -1595,7 +1598,7 @@ async function listPagesViaPlaywright(opts) {
1595
1598
  async function createPageViaPlaywright(opts) {
1596
1599
  const targetUrl = (opts.url ?? "").trim() || "about:blank";
1597
1600
  if (targetUrl !== "about:blank") {
1598
- const policy = opts.allowInternal ? { ...opts.ssrfPolicy, allowPrivateNetwork: true } : opts.ssrfPolicy;
1601
+ const policy = opts.allowInternal ? { ...opts.ssrfPolicy, dangerouslyAllowPrivateNetwork: true } : opts.ssrfPolicy;
1599
1602
  await assertBrowserNavigationAllowed({ url: targetUrl, ssrfPolicy: policy });
1600
1603
  }
1601
1604
  const { browser } = await connectBrowser(opts.cdpUrl);
@@ -3019,7 +3022,7 @@ var BrowserClaw = class _BrowserClaw {
3019
3022
  static async launch(opts = {}) {
3020
3023
  const chrome = await launchChrome(opts);
3021
3024
  const cdpUrl = `http://127.0.0.1:${chrome.cdpPort}`;
3022
- const ssrfPolicy = opts.allowInternal ? { ...opts.ssrfPolicy, allowPrivateNetwork: true } : opts.ssrfPolicy;
3025
+ const ssrfPolicy = opts.allowInternal ? { ...opts.ssrfPolicy, dangerouslyAllowPrivateNetwork: true } : opts.ssrfPolicy;
3023
3026
  return new _BrowserClaw(cdpUrl, chrome, ssrfPolicy);
3024
3027
  }
3025
3028
  /**
@@ -3041,7 +3044,7 @@ var BrowserClaw = class _BrowserClaw {
3041
3044
  throw new Error(`Cannot connect to Chrome at ${cdpUrl}. Is Chrome running with --remote-debugging-port?`);
3042
3045
  }
3043
3046
  await connectBrowser(cdpUrl, opts?.authToken);
3044
- const ssrfPolicy = opts?.allowInternal ? { ...opts.ssrfPolicy, allowPrivateNetwork: true } : opts?.ssrfPolicy;
3047
+ const ssrfPolicy = opts?.allowInternal ? { ...opts.ssrfPolicy, dangerouslyAllowPrivateNetwork: true } : opts?.ssrfPolicy;
3045
3048
  return new _BrowserClaw(cdpUrl, null, ssrfPolicy);
3046
3049
  }
3047
3050
  /**